Activation Guide • • • • Google Message Filtering Google Message Security Google Message Discovery Postini Email Security
Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com Part number: ASBSG_R646_10 22 December 2011 © Copyright 2011 Google, Inc. All rights reserved. Google, the Google logo, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo, Postini Perimeter Manager, Postini Threat Identification Network (PTIN), Postini Industry Heuristics, and PREEMPT are trademarks, registered trademarks, or service marks of Google, Inc.
documentation. Although their code does not appear in gd 1.8.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions.
Overview and Prerequisites Overview This guide describes the activation process for the message security service. After ordering your service, you’ll receive a registration confirmation email and a setup email, and later an activation email. You can use the information in the setup email to begin the activation steps described in this guide. Follow these steps to activate the message security service: • First, follow the steps in “Complete the Setup and Activation Wizard” on page 7.
Complete the Setup and Activation Wizard During the activation process for the message security service, you receive the following three emails: • Registration confirmation email: This email provides registration details, confirms that your registration was successful, and enables you to review your account information. Details include your activation domain (for example, stellarshores.com), company name, address, contact information, and the name of the service that you ordered.
To complete the Setup Wizard, follow these steps: 1. Open the Setup Wizard by clicking your “Setup and Activation page” URL in your setup email. 2. Copy the activation key from your setup email (an example of an activation key is shown below). 3. Paste the activation key into the Activation Key field of the Setup Wizard as shown in the example below, and click LOG IN.
This opens the first step of the Setup Wizard as shown below: 4. In the Domain field, enter the domain for your account (for example, stellarshores.com). Be sure to copy your domain name with exactly the correct spelling in this field. 5. In the Email Server field, enter the host name or IP address of your domain’s email server (for example, mail.stellarshores.com). To look it up, click the “Find from Domain” button. 6. Enter the email address for Notifications and Support.
7. In the Administrator Login Address field, enter the email address of an administrator in your organization. This is your login name for administering the service. The email address must be in the domain that you entered in the Domain field. 8. Enter a password in the Administrator Password field. Tip: The security requirements for passwords are high since this account holds all the mail for your domain, so your usual passwords might not be accepted. For help, see “Password Requirements” on page 10. 9.
• Cannot resemble a word in the dictionary. When you enter a suggested password, the system: • Converts common character substitutions to the familiar character. In other words, the @ sign becomes the letter “a,” and the number “1” becomes the letter “L,” and so on. • Removes all numbers that act as substitutions for letters. • Removes common suffixes (“ing”, “er”, “es”, y”) If the result is in the dictionary, the password is rejected.
Choose Your Rollout Strategy Once you’ve completed the Setup and Activation Wizard, it’s time to decide your next steps. Choose one of the following two options for your rollout strategy: • Change your MX records first, and then later add users and set up your service in the administration console. • Add users and set up your service first, and then change your MX records later. IMPORTANT: Whichever strategy you choose, you’ll need to finish both of these steps to complete your activation.
Change Your MX Records Once you complete the Setup Wizard, you receive an activation email, which provides the information you need to change your mail exchange (MX) records. The activation email arrives within two business days of completing the wizard. MX records represent the mailing address for your domain's email. To ensure that messages for users within your domain are filtered and/or archived, you need to change your domain’s MX records to point to the message security service.
To update your MX records: 1. Log in to your domain registrar (also called “domain host” or “domain provider”). See the instructions below for specific domain registrars. 2. Change the MX records for the domain listed in your activation email. The activation email provides a list of MX records for switching mail flow to the message security service. The activation email also provides your Administration Console login information.
When you are finished switching your MX records to the message security service, go to “Test Your MX Records” on page 41. GoDaddy The following steps use example MX records. Be sure to enter the exact MX records shown in your activation email. To modify your MX records with GoDaddy, do the following: 1. Log in to your account at www.godaddy.com. 2. Open the Domains tab and select My Domain Names. You'll be directed to the Manage Domains page. 3. Click the domain that you'd like to use. 4.
When you are finished switching your MX records to the message security service, go to “Test Your MX Records” on page 41. Tips for Changing Your MX Records with GoDaddy • If your domain registrar allows this, we recommend that you keep your current MX records (examples shown in bold below) as a precaution until you have verified mail flow through the message security service. However, be sure to assign the MX records shown in your activation email with the higher priority values (lower numbers).
stellarshores.com. IN MX 3 s7b1.psmtp.com. stellarshores.com. IN MX 4 s7b2.psmtp.com. Enter each of the MX records in the “Goes To Address (Mail Server)” column. Be sure to enter your actual domain name for yourdomain.com. Be sure to include the trailing dot as shown in this example, and assign priority values of 1, 2, 3, and 4: Priority Value Hostname Goes To Address (Mail Server) TTL Value 1 @ yourdomain.com.s7a1.psmtp.com. 1 week 2 @ yourdomain.com.s7a2.psmtp.com. 1 week 3 @ yourdomain.
Keep in mind that changes to MX records will take time to propagate throughout the Internet. The length of time depends on the Time to Live (TTL) for your domain. When you are finished switching your MX records to the message security service, and when the TTL has expired, go to “Test Your MX Records” on page 41.
stellarshores.com. IN MX 4 s7b2.psmtp.com. Enter each of the MX records in the “Mail Server” column. Be sure to enter your actual domain name for yourdomain.com. Be sure to include the trailing dot as shown in this example, and assign priority values of 1, 2, 3, and 4: Priority Mail Server 1 yourdomain.com.s7a1.psmtp.com. 2 yourdomain.com.s7a2.psmtp.com. 3 yourdomain.com.s7b1.psmtp.com. 4 yourdomain.com.s7b2.psmtp.com.
7. For each MX Record, enter information according to the examples below. Be sure to refer to your activation email for your actual MX records (for additional instructions, see “Tips for Changing Your MX Records with Enom” on page 22): .s.s.s.sa1.psmtp.com. number>a2.psmtp.com. number>b1.psmtp.com. number>b2.psmtp.com. • Include an @ sign in the Host name column for each record.
• • Enter each of the MX records (as highlighted in the example above) in the Address column. Be sure to enter your actual domain name for yourdomain.com. Be sure to include the trailing dot as shown in this example, and assign priority values of 1, 2, 3, and 4: Host name Address Pref @ yourdomain.com.s7a1.psmtp.com. 1 @ yourdomain.com.s7a2.psmtp.com. 2 @ yourdomain.com.s7b1.psmtp.com. 3 @ yourdomain.com.s7b2.psmtp.com.
4. Under Custom MX Records, delete the existing MX record, and enter the following MX record (refer to your activation email and enter the first MX record that’s listed): s7a1.psmtp.com. Make sure the MX record is entered exactly as it appears above, including the trailing dot at the end of the record. 5. Click Update your custom MX records now! IMPORTANT: Your activation email may display a set of four MX records as shown below. For example, if your domain is stellarshores.
7. Click Submit. When you are finished switching your MX records to the message security service, go to “Test Your MX Records” on page 41. Tips for Changing Your MX Records with Yahoo • If your domain registrar allows this, we recommend that you keep your current MX records (examples shown in bold below) as a precaution for 48 to 72 hours, or until you have verified mail flow through the message security service.
Enter each of the MX records (as highlighted in the example above) in the “Mailserver Hostname” column. Be sure to enter your actual domain name for yourdomain.com. Be sure to include the trailing dot as shown in this example, and assign priority values of 1, 2, 3, and 4: Mailserver Hostname Priority yourdomain.com.s7a1.psmtp.com. 1 yourdomain.com.s7a2.psmtp.com. 2 yourdomain.com.s7b1.psmtp.com. 3 yourdomain.com.s7b2.psmtp.com.
10. Repeat the last few steps above by entering the following MX records. For example, if your domain is stellarshores.com and you are on System 7 for the message security service, you would enter the following records: stellarshores.com.s7a2.psmtp.com. stellarshores.com.s7b1.psmtp.com. stellarshores.com.s7b2.psmtp.com. Be sure to include the trailing dot as shown in this example, and assign the highest priority values to the MX records shown in your activation email.
3. On the left side, click the domain you'd like to use with the message security service. 4. Next to Mail Service, click On to disable the default MX records. 5. Next to DNS Configuration, click EDIT. 6. If you've already created custom MX records, be sure to erase all existing records before adding MX records for the message security service. 7. Click Add DNS MX Record. 8. Enter the following (while entering your actual domain name -- for example, solarmora.
• Once you are sure that mail flow through the message security service has been established, we highly recommend that you remove your old MX records to ensure your email traffic does not bypass the message security service and connect directly to your mail server. (You verify your MX records later in the activation process. See “Test Your MX Records” on page 41 and “Test Filtered Mail Flow” on page 45.
To modify your MX records with EveryDNS, do the following: 1. Log in to your account at EveryDNS.net. 2. On the left side, click the domain you'd like to use with the message security service. 3. Since EveryDNS.net is your hosting service, and not your domain registrar, be sure that your domain points to EveryDNS.net's nameservers. This will allow your MX record configuration to take effect. 4. Below Add a Record, enter the following: .sa1.psmtp.com.
Make sure each MX record is entered exactly as it appears below, including the trailing dot at the end of each record. Be sure to enter your actual domain name for yourdomain.com. In this example, N equals your system number for the message security service. See your activation email to make sure you are entering your correct system number.) Record Value If MX Record, MX Value yourdomain.com.sNa1.psmtp.com. 1 yourdomain.com.sNa2.psmtp.com. 2 yourdomain.com.sNb1.psmtp.com. 3 yourdomain.com.sNb2.
4. Scroll to the bottom of the page to view Mail Options. 5. Enter the following for the first MX record field. .sa1.psmtp.com. For example, if your system number is 7 and your domain name is solarmora.com, you would enter solarmora.com.s7a1.psmtp.com. See your activation email to make sure you are entering your correct system number. For additional instructions on changing your MX records, see “Tips for Changing Your MX Records for No-IP” on page 32. 6. Click Submit. 7.
Make sure each MX record is entered exactly as it appears below, including the trailing dot at the end of each record. Be sure to enter your actual domain name for yourdomain.com. In this example, N equals your system number for the message security service. See your activation email to make sure you are entering your correct system number. yourdomain.com.sNa1.psmtp.com. 1 yourdomain.com.sNa2.psmtp.com. 2 yourdomain.com.sNb1.psmtp.com. 3 yourdomain.com.sNb2.psmtp.com.
5. Click Mail Records (MX). 6. For MX Resource records, enter the following: .sa1.psmtp.com. For example, if your system number is 7 and your domain name is solarmora.com, you would enter solarmora.com.7a1.psmtp.com. See your activation email to make sure you are entering your correct system number. For additional instructions on changing your MX records, see “Tips for Changing Your MX Records for DNS Park” on page 34. 7. Click Update. 8.
Make sure each MX record is entered exactly as it appears below, including the trailing dot at the end of each record. Be sure to enter your actual domain name for yourdomain.com. In this example, N equals your system number for the message security service. (See your activation email to make sure you are entering your correct system number.) Mail Domain Priority Hostname (auto-filled) 1st yourdomain.com.sNa1.psmtp.com. (auto-filled) 2nd yourdomain.com.sNa2.psmtp.com.
4. Below Update Record, enter the following information for the Primary and Secondary: .sa1.psmtp.com. .sa2.psmtp.com. For example, if your system number is 7 and your domain name is solarmora.com, you would enter: solarmora.com.s7a1.psmtp.com. solarmora.com.s7a2.psmtp.com. See your activation email to make sure you are entering your correct system number.
3. MX records may be located in DNS Management, Mail Server Configuration, or Name Server Management. It's possible that you will have to enable advanced settings to edit your MX records. 4. Add the following MX records: .s.s.s.sa1.psmtp.com. number>a2.psmtp.com. number>b1.psmtp.com. number>b2.psmtp.com. For example, if your system number is 7 and your domain name is solarmora.
yourdomain.com. IN MX 20 yourmailhost2.yourdomain.com • Once you are sure that mail flow through the message security service has been established, we highly recommend that you remove your old MX records to ensure your email traffic does not bypass the message security service and connect directly to your mail server. (You verify your MX records later in the activation process. See “Test Your MX Records” on page 41 and “Test Filtered Mail Flow” on page 45.
Troubleshooting MX Records I don't understand MX records. For more information about MX records and how to use them, see “FAQ: How MX Records Work” on page 49. I don't know who my domain registrar is. To find your domain registrar, follow these steps: 1. Search for "WHOIS server" on Google.com. 2. Select a search result from the list. 3. Type your domain name in to the field. 4. Click Submit. Note: Domain registrars are also referred to as DNS providers, domain providers, or domain hosts.
I’m unable to change my MX records with my domain provider. Why am I having trouble? Most ISPs and domain name providers that host the email for your domain are compatible with the message security service. However, 1and1 and XO Communications are known providers that are currently not compatible with the message security service.
Test Your MX Records After you change your domain’s MX records and wait for the (Time to Live) TTL to expire, log in to the Administration Console to perform this test and confirm that the new MX records have been propagated. Don’t proceed unless you’ve changed your MX records and waited for your TTL to expire, or this test might fail. (The default TTL setting varies for each domain registrar.
6. On the MX Record Test page, click the Test button. Be sure that your domain is named in the list. Wait a few moments, then view the results of the test at the bottom of the page. For example, if your domain is acme.com, successful results look like this. acme.com: MX records OK. acme.com acme.com acme.com acme.com IN IN IN IN MX MX MX MX 1 2 3 4 acme.com.s7a1.psmtp.com. acme.com.s7a2.psmtp.com. acme.com.s7b1.psmtp.com. acme.com.s7b2.psmtp.com.
If you have waited the full duration of the TTL and the test fails, troubleshoot as follows: • Verify that all records were entered correctly. For example, if the error message reports that a particular record couldn’t be found, that record might have been misstyped. If so, reenter it, wait for the TTL to expire, and try the test again. • Verify that your primary and secondary nameservers are properly synced with the new DNS records.
Test Filtered Mail Flow After confirming that your domain’s MX records are pointing to servers at the message security service, verify that mail sent to your domain is being routed through these servers and filtered. In this step, you run a test that sends a test message from an outside source, through the message security service, and to your server. To test filtered mail flow, follow these steps: 1. Return to the SMTP Message Test page.
3. Click the Test button Wait a few moments for the data center to send its test email. Then view the results of the test at the bottom of the page. Successful results look like this: Sending test email to helen@acme.com: Establish connection... Sending HELO Sending MAIL FROM Sending RCPT TO Sending data End of data dot Success The email data center can deliver email to this email server. 4. Retrieve the test message sent to your administrator’s Inbox.
Add Users and Set Up Your Service During the setup process, you'll do the following: 1. Determine the level of control over spam and virus-infected messages that you want to give your users. 2. Configure settings for your users. 3. Announce the message security service to your users. To help make this process easier, download our Email Templates (Zip file). 4. Add users and mailing lists to the service.
FAQ: How MX Records Work What is an MX record? An MX record tells senders how to send email for your domain. When your domain is registered, it’s assigned several DNS records, which enable it to be located on the Internet. These include MX records, which direct the domain’s mail flow. Each MX record points to an email server that’s configured to process mail for that domain. There’s typically one record that points to a primary server, then additional records that point to one or more backup servers.
For detailed instructions on how to update your MX records, see “Change Your MX Records” on page 15 Why should I update MX records? For the message security service to work, we need you to route your mail to us. When you update your MX records, we accept your mail, filter out the bad mail, and pass the good mail on to your server. When should I update my MX records? During activation, you'll receive a message telling you it's time to update your MX records.
Every DNS host has a different user interface for MX records. Some use a trailing period and some don't. Some allow you to set your TTL and some won't. Our instructions include information for most common MX hosts, but yours may be different. If you're not sure what to enter, use the same format as your existing MX records. Be sure that the message security service MX records have the first priority; the exact numbers don't matter as long as the message security service MX records are the first.
What happens if I type the wrong information into the MX record? If you type the incorrect delivery information in the MX record, some mail will bounce. The sender will receive a notice that the mail wasn't delivered. If this happens, correct the MX records as soon as possible. Some mail may still bounce for a period of time (up to the length of the new TTL setting), but the sooner you update the MX records to the correct setting, the fewer messages will bounce.
